Virus Database

Win32.Devir

Description Win32.Devir

This is a per-process memory resident parasitic poly-morphic Win32-virus. The virus infects PE EXE files that have .EXE filename extensions. When run, the virus infects files in current directory only.
The virus also stays in the system memory as a component of the infected host program, gains access to KERNEL functions and intercepts 10 of them: file opening, copying, moving functions, etc. When a PE EXE file is accessed by these functions, the virus infects it. As a result, the virus will infect all PE EXE programs that are accessed by infected the host program, and the virus will be active until the moment the host program exits. The virus also hooks, selecting a new directory function, and infects PE EXE files in there.
The PE EXE infection method is a complex and is similar to the Win32.Driller virus. The block of host file code that is overwritten by the virus poly-morphic routine in some cases may be also compressed during infection.
The virus also contains a backdoor routine that opens an Internet connection, waits for its author's instructions and then follows them: sends/receives files, executes programs, reports system information, etc.
The virus contains the following "copyright" text:
Intruder v.0.1 by Deviator//HAZARD

Check other viruses! Be aware! Use Antiviral Software

HNYS.770

Description HNYS.770

It is not a dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of .COM files that are executed. From 1st till 7th of January the virus displays the message:
HAPPY NEW YEAR,SLOVAKIA

Hob

Description Hob

This is a harmless memory resident stealth boot virus. It hooks INT 13h and infects the MBR of the hard drive and floppy disk boot sector in the A: drive. The virus checks the CMOS fields and in case of AWARD infects the MBR only in case the BIOS VirusWarning protection is disabled. The virus contains the text string:
h0b13BzZ

Home